AddPermission

Grants an AWS service or another account permission to use a function. You can apply
the policy at the
function level, or specify a qualifier to restrict access to a single version or alias.
If you use a qualifier,
the invoker must use the full Amazon Resource Name (ARN) of that version or alias
to invoke the function.

To grant permission to another account, specify the account ID as the Principal. For AWS
services, the principal is a domain-style identifier defined by the service, like
s3.amazonaws.com or
sns.amazonaws.com. For AWS services, you can also specify the ARN or owning account of the
associated resource as the SourceArn or SourceAccount. If you grant permission to a
service principal without specifying the source, other accounts could potentially
configure resources in their
account to invoke your Lambda function.

This action adds a statement to a resource-based permission policy for the function.
For more information
about function policies, see Lambda Function Policies.

For AWS services, the ID of the account that owns the resource. Use instead of SourceArn to grant
permission to resources owned by another account (e.g. all of an account's Amazon
S3 buckets). Or use together
with SourceArn to ensure that the resource is owned by the specified account. For example, an Amazon
S3 bucket could be deleted by its owner and recreated by another account.

Errors

InvalidParameterValueException

One of the parameters in the request is invalid. For example, if you provided an IAM
role for AWS Lambda to
assume in the CreateFunction or the UpdateFunctionConfiguration API, that AWS Lambda is
unable to assume you will get this exception.

HTTP Status Code: 400

PolicyLengthExceededException

Lambda function access policy is limited to 20 KB.

HTTP Status Code: 400

PreconditionFailedException

The RevisionId provided does not match the latest RevisionId for the Lambda function
or alias. Call the
GetFunction or the GetAlias API to retrieve the latest RevisionId for your
resource.

HTTP Status Code: 412

ResourceConflictException

The resource already exists.

HTTP Status Code: 409

ResourceNotFoundException

The resource (for example, a Lambda function or access policy statement) specified
in the request does not
exist.

HTTP Status Code: 404

ServiceException

The AWS Lambda service encountered an internal error.

HTTP Status Code: 500

TooManyRequestsException

Request throughput limit exceeded.

HTTP Status Code: 429

See Also

For more information about using this API in one of the language-specific AWS SDKs,
see the following: